940b45a035c5f7210b65e64c8494f2b9c4e6c6896f3506f13dc43374934ecb2a

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff22ceda15aa5f0cafe90bad4d366be1_JaffaCakes118.html
Size

34KB
MD5

ff22ceda15aa5f0cafe90bad4d366be1
SHA1

8deeb819b5b771ca6f7844ce87a641774b1ca829
SHA256

940b45a035c5f7210b65e64c8494f2b9c4e6c6896f3506f13dc43374934ecb2a
SHA512

b9a949082dd67b16340190fffb898c7bed44c143f9e51398859158dafb385ea64df882dc8fa16790376e1f503c6461c1767d082524dd49642b695e1afee2bb32
SSDEEP

384:p9cKqFv05JUJoKTsd5HSChuAUrvcCyZgwp5wv02Dx9PbGXPN/1uvdPuXLSPYaPC1:8xFmSwDUGmJRT2ElrqvfR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
452	msedge.exe
452	msedge.exe
2832	identity_helper.exe
2832	identity_helper.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4460	452	msedge.exe	86
PID 452 wrote to memory of 4460	452	msedge.exe	86
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4148	452	msedge.exe	87
PID 452 wrote to memory of 4844	452	msedge.exe	88
PID 452 wrote to memory of 4844	452	msedge.exe	88
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89
PID 452 wrote to memory of 4640	452	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ff22ceda15aa5f0cafe90bad4d366be1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe31f46f8,0x7ffbe31f4708,0x7ffbe31f4718
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2855857900521202881,1982901364890948565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d9da931f98579d9af12b0cddeea667a

SHA1
5f02b023ce6b879af428b39ce9573f2343ef4771

SHA256
ae100e49b8a80ae8b977141fca8c9d0b35112f92af89ebe4dc5dbf2b1311fff0

SHA512
bd338bf14893d2c2f529eb0542b6b82e2beed5614d449c4147a87067f6ba1ff8d7bb178ad56d7b1491acd9d08d5bac5d1906160cf14998a13957117967a28680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e95d45b99ee46b05441be74a152f3af8

SHA1
76adb523ca3943c8eeb4793a7daaa1f27cbab7d4

SHA256
435d76228edca3be83910f980b82f508e25541918fc3d7c4278a77307c880fb0

SHA512
35ec6bb16d0aba61622e6c9c8d1d4823b8d3e13644ab0b849cace25e0ed2adcf3cd98f6e7e7a24be8c64e360ea3be71523ed12d3c061d88eaa24276bfd91da80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
315B

MD5
32df0190bbce9aa3368045f480407b93

SHA1
9d11be6d590b4885e6c3bd13f39f85ef0e23025b

SHA256
86ecefed37c4d6e3242c18275e91ebf9e73f5e40b3a912df839e9c46eff79801

SHA512
0f26739933186717b26cef733b62c209f9d591547a9bf745cdac431d078dbbd92d8a4af8a6e628f224a70d6c12589bcef00ae523354aa8027c45551a912f0bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d332e639b1d42cfe53de3572acb2d2d2

SHA1
63dbdf9e6c9c4fbd7c8064a65a443b0292e42523

SHA256
5a2226506663fa344c4402d10f1acc01d98a94fab8fde7997e4d2ac4ce6df348

SHA512
e5cd5df45d6a76bab95be78d3e292e4b6341aff2c6b4f2ca909935405d03441d1b82920a57bf871945117c875fae4ee02337e806ab8ae5506d4dfd250bc8c834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bfda2bac1a290b2d36de11c075fc97f4

SHA1
bcf056d342b7374b08d72e05b19f63b09af00f11

SHA256
de41efdec4bdef8b3b888484f89bc978ffa6eaed20186c2c7339d7d7e218d587

SHA512
4f110115abe85a817f2a4245af5c99280e039ddcb0024041e54794ed59e9755a11576e0117dc801ed485960f5bd9995efbab8d2b845da49bc015896b1462e914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
576e83c1432aa0b2a97b98e1e603ee45

SHA1
b8ac02412b03cf249f4943bbd85ebbd85f3a8889

SHA256
a14ba96dfa9b38b9981de1b12529c08bc3e884cb7ecae60f6a3c5418dafd736e

SHA512
3c763bdcccfdf9415cbec63269cf3d88666ed9231143cb002f813ebbcf0d8e2d21d87e179c37bd9f2d35dd0abfe8b9f018ba81c2e1b01699cfc5a8d6f9139266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d93067ca6a063dc84296c4a379bc034

SHA1
4449306e48a01c7f9244f6ed98119769aafed67a

SHA256
5327265f02a70e52e3134af204c2fcfd88fbdab336c386794b72b160af6c308a

SHA512
8720a43c3fd8814eeb606d0edbbd081b5b4c4c4375e16025ff96c8394a83f95d7bbc6bc4518a6b04ad880c123e3980838cd54741ccfd6a9bc5d34c51ee8eb953

Download Submit